diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 0000000000..3d6211c399 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,7 @@ +{ + // Name + "name": "Benchmark GitHub Codespace Config", + + "postCreateCommand": "sdk install java 17.0.18-amzn" +} + diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e235340075..b2611f13cc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -46,7 +46,7 @@ jobs: uses: github/codeql-action/analyze@v4 - name: Upload Output - uses: actions/upload-artifact@v6 + uses: actions/upload-artifact@v7 with: name: ${{ matrix.language }} SARIF path: ${{ runner.workspace }}/results/*.sarif diff --git a/.gitignore b/.gitignore index cf0f2cf17c..69631dfaf9 100644 --- a/.gitignore +++ b/.gitignore @@ -8,10 +8,7 @@ *.iml .scannerwork/ -data/out.csv -owasp-benchmark/ -reports/ -src.zip +src/WEB-INF/ src/main/resources/benchmark.properties target/ testfiles/ diff --git a/data/openapi.yaml b/data/openapi.yaml index 288a4f7689..04a97077de 100644 --- a/data/openapi.yaml +++ b/data/openapi.yaml @@ -6,8 +6,8 @@ info: contact: email: dave.wichers@owasp.org license: - name: GNU GPL 2.0 - url: https://choosealicense.com/licenses/gpl-2.0/ + name: GNU GPL 3.0 + url: https://choosealicense.com/licenses/gpl-3.0/ version: "1.2" servers: - url: https://localhost:8443/benchmark diff --git a/pom.xml b/pom.xml index 2d82960bd9..db93fa0da9 100644 --- a/pom.xml +++ b/pom.xml @@ -614,6 +614,18 @@ provided + + + javax.xml.bind + jaxb-api + 2.3.1 + + + com.sun.xml.bind + jaxb-impl + 2.3.9 + + com.sun.jersey @@ -624,7 +636,7 @@ commons-codec commons-codec - 1.20.0 + 1.21.0 @@ -771,7 +783,7 @@ org.apache.httpcomponents.core5 httpcore5 - 5.4 + 5.4.2 @@ -854,7 +866,7 @@ com.fasterxml.jackson.core jackson-databind - 2.20.1 + 2.21.2 
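Review bot: The `postCreateCommand` in `.devcontainer/devcontainer.json` calls `sdk` directly, but SDKMAN normally provides `sdk` as a shell function loaded by its init script rather than as an executable on PATH. A non-interactive post-create shell may therefore fail to find it, which is worth confirming in a freshly created Codespace. If it does fail, source the init script first, for example `"postCreateCommand": "bash -c 'source \"$SDKMAN_DIR/bin/sdkman-init.sh\" && sdk install java 17.0.18-amzn'"`, assuming the image exports `SDKMAN_DIR`. The file also names no `image`, so the toolchain depends on whatever default image the platform supplies at creation time; pinning one would make the environment reproducible and reviewable.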
@@ -890,7 +902,7 @@ org.apache.maven.plugins maven-dependency-plugin - 3.9.0 + 3.10.0 com.sun.jersey:jersey-servlet @@ -924,7 +936,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.14.1 + 3.15.0 true 1000m @@ -947,7 +959,7 @@ org.codehaus.mojo extra-enforcer-rules - 1.11.0 + 1.12.0 @@ -1017,7 +1029,7 @@ org.apache.maven.plugins maven-resources-plugin - 3.4.0 + 3.5.0 @@ -1038,7 +1050,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.5.4 + 3.5.5 @@ -1053,13 +1065,13 @@ org.codehaus.cargo cargo-maven3-plugin - 1.10.26 + 1.10.27 org.codehaus.mojo versions-maven-plugin - 2.20.1 + 2.21.0 @@ -1104,7 +1116,7 @@ com.diffplug.spotless spotless-maven-plugin - 3.1.0 + 3.4.0 origin/master @@ -1239,7 +1251,6 @@ -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5050 - -Xnoagent -Djava.compiler=NONE ${project.build.directory}/log @@ -1249,13 +1260,13 @@ 2.1.0 3.6.10.Final - 4.9.8.2 + 4.9.8.3 4.9.8 5.3.39 9 - 9.0.113 + 9.0.115 https://archive.apache.org/dist/tomcat/tomcat-${tomcat.major.version}/v${version.tomcat}/bin/apache-tomcat-${version.tomcat}.zip diff --git a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java index 15f206770d..3d271a3f47 100644 --- a/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java +++ b/src/main/java/org/owasp/benchmark/helpers/DatabaseHelper.java @@ -41,6 +41,7 @@ public class DatabaseHelper { new org.owasp.benchmark.helpers.HibernateUtil(true); public static final boolean hideSQLErrors = false; // If we want SQL Exceptions to be suppressed from being displayed to the user of + // the web app. static { @@ -168,7 +169,7 @@ public static java.sql.Connection getSqlConnection() { return conn; } - public static void executeSQLCommand(String sql) throws Exception { + private static void executeSQLCommand(String sql) throws Exception { Statement stmt = getSqlStatement(); stmt.executeUpdate(sql); } 
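Review bot: In `DatabaseHelper.executeSQLCommand` the `Statement` returned by `getSqlStatement()` is never closed, so each call can leave a statement and its underlying resources open. If `getSqlStatement()` hands out a fresh statement per call (its body is outside this hunk, so confirm), the body can become `try (Statement stmt = getSqlStatement()) { stmt.executeUpdate(sql); }`. Narrowing the method to `private` is a sensible reduction of surface for a helper that runs a raw SQL string. A one-line comment such as `// Internal only: sql must be a fixed, trusted statement, never request data.` would record that contract for future callers inside the class.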
diff --git a/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java b/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java index 66ac4b711c..a07b00c24d 100644 --- a/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java +++ b/src/main/java/org/owasp/benchmark/helpers/LDAPManager.java @@ -112,19 +112,20 @@ private boolean search(LDAPPerson person) { NamingEnumeration results = ctx.search(base, filter, sc); + boolean foundUser = results.hasMore(); + while (results.hasMore()) { SearchResult sr = (SearchResult) results.next(); Attributes attrs = sr.getAttributes(); Attribute attr = attrs.get("uid"); if (attr != null) { - // logger.debug("record found " + attr.get()); // System.out.println("record found " + attr.get()); } } ctx.close(); - return true; + return foundUser; } catch (Exception e) { System.out.println("LDAP error search: "); e.printStackTrace(); diff --git a/src/main/java/org/owasp/benchmark/helpers/Utils.java b/src/main/java/org/owasp/benchmark/helpers/Utils.java index b1a260811c..b815cad859 100644 --- a/src/main/java/org/owasp/benchmark/helpers/Utils.java +++ b/src/main/java/org/owasp/benchmark/helpers/Utils.java @@ -236,8 +236,6 @@ public static void printOSCommandResults(java.lang.Process proc, HttpServletResp try { // read the output from the command - // System.out.println("Here is the standard output of the - // command:\n"); out.write("Here is the standard output of the command:
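Review bot: In `LDAPManager.search`, `ctx.close()` still runs only on the success path, and the added `results.hasMore()` is one more call that can throw before it, so a failed search leaves the directory context open. Moving the close into a `finally` block would cover both paths; the declaration of `ctx` is outside this hunk, so check its scope first. After this change the `while` loop has no observable effect, because its body only fetches `uid` next to a commented-out print and the return value is already fixed by `foundUser`. It could be replaced with `results.close();`. The method starts above this hunk and its catch block continues below it.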
"); String s = null; while ((s = stdInput.readLine()) != null) { @@ -246,8 +244,6 @@ public static void printOSCommandResults(java.lang.Process proc, HttpServletResp } // read any errors from the attempted command - // System.out.println("Here is the standard error of the command (if - // any):\n"); out.write("
Here is the std err of the command (if any):
"); while ((s = stdError.readLine()) != null) { out.write(ESAPI.encoder().encodeForHTML(s)); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java index 34c82096ba..e73f446962 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00001.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00001", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java index b31b6a3343..dc77999076 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00002.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00002", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java index 501535c874..d03cdc0c7a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00003.java 
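Review bot: The cookie in `BenchmarkTest00001.doGet` still gets an explicit `Domain` from the host of `request.getRequestURL()`, two lines below the added `setHttpOnly(true)`. That host normally reflects the client-supplied Host header, and an explicit Domain attribute also makes the cookie available to subdomains, whereas leaving it unset yields a host-only cookie. If the test harness does not depend on it, dropping the `userCookie.setDomain(...)` line is the tighter setting; otherwise add a comment saying why the explicit domain is required. The same applies to the identical cookie hunks in BenchmarkTest00002 to BenchmarkTest00004 and BenchmarkTest00053 onward. `doGet` starts and ends outside the hunk.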
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00003", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java index beaa3b25c7..5362abd6af 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00004.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00004", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java index 3d2710eec4..ec11e1db1d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00008.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java index 5be39e80f9..a2c8ea62d9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00012.java @@ -78,12 +78,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java index df9dae2ab5..570da1f4b2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00018.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java index 0b469a363f..d8446f7a5b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00021.java @@ -53,7 +53,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + param + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -69,12 +68,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
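Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls in `BenchmarkTest00012.doPost` throw a NullPointerException when an attribute's value is null, where the old string concatenation simply printed `null`. `String.valueOf` keeps the earlier tolerance while still encoding the output: `.encodeForHTML(String.valueOf(attr.get()))`, and likewise for `attr2`. Whether `attr` and `attr2` themselves are null-checked cannot be seen here, because the hunk starts inside the result loop. The same applies to the matching hunks in BenchmarkTest00021 and BenchmarkTest00044.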
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java index a43678bea5..69dd949556 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00024.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java index dcdda02691..f21b0f7e51 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00026.java @@ -50,7 +50,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -60,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java index 27344a048a..96584b94ac 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00027.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java index bcfa5d1d4f..9f0e81b955 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00033.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -64,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java index a4967179a2..2b2bf49380 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00034.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java index e3babd8a10..fa0c496939 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00037.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java index d4fce4685b..bf84118b9b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00039.java @@ -65,10 +65,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java index e20d25a567..104933d89f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00043.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java index 58d299d619..2ec3f16ba0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00044.java @@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + param + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -70,12 +69,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java index caa0f14615..59b2dadcfa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00052.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java index d2b0b30ed1..d81814939e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00053.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00053", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java index f768641462..863669de67 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00054.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00054", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java
index 23bd9f8d49..a6a592295e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00055.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00055", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java
index 29390d6190..54a9fd69c3 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00056.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00056", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java
index 4ef862d5ae..658e3f4ada 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00057.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00057", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java
index 7d03df2baf..ae85e972df 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00058.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00058", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java
index 2a138ea63b..1cb4de6512 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00059.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00059", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java
index a64f933d3e..b820ede91e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00060.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00060", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java
index e0d2e00369..593e2844c7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00061.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00061", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java
index 44f0ea70b7..5b5635ef84 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00062.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00062", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java
index 3e9550a7ea..101c2ec7b1 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00063.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00063", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java
index 79a829e3b4..e410c7dcc8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00064.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00064", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java
index 483faac90e..39332e749e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00065.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00065", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java
index 81f632e646..acc55ddbc8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00066.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00066", "anything");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java
index 625cb93271..d88b5cef0b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00067.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00067", "anything");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java
index a767d4fed3..67f221bf7a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00068.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00068", "anything");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java
index 508d372969..1ab7819ded 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00069.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00069", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java
index 594071e2b8..de85692a69 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00070.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00070", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java
index a2400b31c9..ed35f855d5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00071.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00071", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java
index afa3284c57..3e7494cac0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00072.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00072", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java
index 6aa740440a..3649bc54f7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00073.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00073", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java
index b1cc4ddfc2..8bd31f4615 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00074.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00074", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java
index 5722b0bc4c..933dcd41df 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00075.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00075", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java
index 3b38ebb83c..63d04920bf 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00076.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00076", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java
index d929ba6934..4207a3a51b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00077.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00077", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java
index 5773c9d2a4..d06382a80b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00078.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00078", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java
index 0cc7c196d8..2e59caf4c0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00079.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00079", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java
index b39fc2434f..8ae7030d82 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00080.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00080", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java
index a0b486ee75..6c1dfadc82 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00081.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00081", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java
index c0de01c39c..df3b3fe6d7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00082.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00082", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java
index 6f509bf5de..f39a343b82 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00083.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00083", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java
index 03c3eb0cb3..960571150e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00084.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00084", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
index 3cd977db9e..91087125dc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00085.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00085", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
index cd31ec9742..9c4560b01d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00086.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00086", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
index 460086f96c..ac652c09a9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00087.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00087", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
index 4da3391033..70b9ee5894 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00088.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00088", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
index ff09d01f11..0516ed95eb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00089.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00089", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
index 6f045cb9f0..a75acdf76c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00090.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00090", "ls");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
index 4a983d3ca6..4bda8e8318 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00091.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00091", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
index 9421950e43..17c051e6ff 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00092.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00092", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
index 56372b8c82..92a1d76790 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00093.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00093", "ls");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
index f6e2b83b29..5def6e3b17 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00094.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00094", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
index d817be4a47..2ed886d0eb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00095.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00095", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
index 53537aea13..cae48fe1b9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00096.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00096", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
index 10fe45f85c..71dbfb01f7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00097.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00097", "color");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
index daeadc40ef..3ebab68e6a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00098.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00098", "my_user_id");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
index bc8c41f140..dd7ff9c11b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00099.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00099", "my_userid");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
index 9e8349062c..053f64f9d2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00100.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00100", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -86,7 +87,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
index 3ed4c9a6a4..b68525bb83 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00101.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00101", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -87,7 +88,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
index f1b552dd7f..1f8c43448b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00102.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00102", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -73,10 +74,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java index d3845ed61d..475722d2d0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00103.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00103", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,10 +78,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java index 2794ec8e11..90121f9dc6 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00104.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00104", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
index 6d5d0f5b5f..36d79d7f59 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00105.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00105", "bar");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 }
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
index e844eb8d45..4efb36d365 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00106.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00106", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -84,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java index 37994ba345..c2264363b2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00107.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00107", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -95,7 +96,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java index 936abe8572..dae1e43878 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00108.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00108", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -93,7 +94,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java index 2816bc4edc..75a07e02f1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00109.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00109", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java index 3bb8262098..830d54cd06 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00110.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00110", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -95,7 +96,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java index 70ff23ca68..b92ec2b24f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00111.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00111", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -84,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java index fdef001896..9c5e5cea8f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00112.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00112", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -76,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java index fb9bc79c7c..6cd16cd6e0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00113.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00113", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java index 996189bce3..50ba62e19b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00114.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00114", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -79,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java index 677548bb40..d1e117c2cc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00115.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00115", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -79,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java index 6ffcc0b757..52780ea198 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00116.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00116", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
index 9829ccc8a1..306bed91e5 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00117.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00117", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
index c768c2a1c8..0620c992a8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00118.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00118", "2222");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java index 04d28e6ef7..1f37a44ee3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00138.java @@ -82,12 +82,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java index 06f78927f9..bd479db1b3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00139.java @@ -98,12 +98,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
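Review bot: In the BenchmarkTest00138 hunk, the new `attr.get().toString()` and `attr2.get().toString()` calls throw a NullPointerException when the attribute value is null, where the old string concatenation simply printed `null`. Assuming `attr` is a `javax.naming.directory.Attribute`, `get()` is allowed to return null. Passing `String.valueOf(attr.get())` keeps the HTML encoding and the previous null behaviour, e.g. `.encodeForHTML(String.valueOf(attr.get()))`, and likewise for `attr2`. The encoding only covers what is written to the response; how the LDAP filter is built lies outside this hunk. The same pattern is added in BenchmarkTest00139 and BenchmarkTest00367, and doPost extends beyond each hunk.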
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java index a30e0c9b4a..30e5bb6445 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00190.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java index 9be0c09e50..ab07adda29 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00191.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java index 605094f65b..a3ae33a0e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00192.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java index f8930ef516..4e78da6a4c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00193.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java index 52d3c7cd36..dfaec5529c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00198.java @@ -53,6 +53,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -60,7 +61,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java index b0239488b1..6415a33187 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00199.java @@ -56,6 +56,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) else bar = "This should never happen"; String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -63,7 +64,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java index c0f68de0fe..ea4a46c8e8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00202.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java index 2af476ffab..f2873cc0a5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00203.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java index 0c57cef4ad..8a3fffd4b6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00204.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java index 354f00c304..49f62bf973 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00205.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java index 95014bc39f..921125b708 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00206.java 
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java index 0e8575bac4..3f56613e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00328.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java index f4eeac6869..1e14a770df 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00329.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java index 6f2ead7d31..6949444e45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00330.java 
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java index d52c5e8d0a..8d6bce2455 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00331.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java index 4fd8885bbc..7914380525 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00332.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java index 824bb8821f..ceea99496e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00333.java 
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java index f4719854a4..9b1ebea1a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00334.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java index 20cbf10540..8446dcb9b5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00335.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java index dc77a80c7d..055e61e8de 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00337.java 
@@ -70,10 +70,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java index 8c8d683c2e..43a5214d5e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00338.java @@ -65,10 +65,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java index b68d701771..e0854a9e47 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00339.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -73,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java index 172e6cf835..48c0275c02 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00342.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java index d472983b4b..e6cb3d4ac9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00343.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java index 1054524937..42a9bb6e45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00344.java 
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java index 5e765997fc..3229e5ab0e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00367.java @@ -93,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java index ee8e851de3..15dee91bd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00428.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java index c502ca7fc8..d0e4c03018 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00429.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java index 76a7ed5a7f..29a7872b79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00430.java @@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
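Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls inside the `println` argument throw a NullPointerException when an attribute holds a null value, where the old string concatenation printed "null"; `javax.naming.directory.Attribute.get()` is documented as possibly returning null. Keeping the HTML encoding but going through `String.valueOf`, e.g. `.encodeForHTML(String.valueOf(attr.get()))` and the same for `attr2`, preserves the previous output in that case. Whether a null value can actually reach this point depends on the directory contents and on checks in `doPost` that lie outside the hunk. The identical change in the BenchmarkTest00530 and BenchmarkTest00630 hunks has the same issue.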
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java index 10616e4729..dcd77e95a6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00432.java @@ -56,19 +56,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -78,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java index d9f3d917ac..96d38ee6bd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00433.java @@ -51,19 +51,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) else bar = "This should never happen"; String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -73,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java index 8426d4b26f..b45bf24139 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00435.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java index 96437dcf62..436f1bdfba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00436.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java index f162be3075..200e197dd5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00437.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java index e50b930ea8..f8f5a54dd6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00438.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java index 2cd2a49663..d4e9b0319d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00439.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java index cc06f332ec..468f783ea8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00440.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java index 630664e61e..694a3cb3b9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00441.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java index 4e452ae0f7..9b536ee6a0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00509.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java index 7267eabd86..556d054291 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00510.java 
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java index 60b0cb34dd..8d2037f613 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00512.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java index 75bcc00159..b0b0b901c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00513.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java index 773c7280d5..5d20a87141 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00514.java 
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java index 72806247f3..54e5a142bb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00515.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java index f9091b05ac..006e227aec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00516.java @@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java index 192af9e3a3..c54f64070f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00517.java 
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java index da6da56bd6..d3b690a3c0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00518.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java index 1f3cd3dd59..6ca23df21f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00519.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java index 88b7a2f88b..f8dfebafa7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00530.java 
@@ -105,12 +105,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java index 9952780baa..153841e15e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00589.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java index cba00d5b4d..e03d7d0fa4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00590.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java index b9e3d544a6..474697882c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00591.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java index 15b267edc6..1b97a30552 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00592.java @@ -97,7 +97,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java index d0b3de8ed2..b24aeb3ac5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00593.java @@ -95,7 +95,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java index a6f8dda124..7385de0a6e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00594.java @@ -77,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java index b21eaad7e2..c51c29e2e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00595.java @@ -77,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java index 510dd017d8..1f1a66fd27 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00596.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java index aa5589e0c3..f3828f86ab 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00597.java @@ -62,19 +62,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -84,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java index 0141f393fd..890bdd2c8c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00598.java @@ -73,10 +73,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java index 63b72dc4b5..2e28994a37 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00601.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java index 1442ed6d36..00174efe89 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00602.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java index ab62901520..d13d03cf3e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00603.java @@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java index 362b07436c..ed75dc6065 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00604.java @@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java index 8cedb8b166..7c83ef19b8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00605.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java index 0a8aba5f62..660dd6f9bf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00606.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java index 8ab20cfcad..6992294b25 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00630.java @@ -93,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java index efb70eb5e0..54317ac09b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00672.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java index 2e79baf50e..0dc425a95c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00673.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java index 3bcbdac135..099405a49f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00674.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java index 54d39e3b38..99ec115f85 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00675.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java index 251f9353b1..1c4e62fe3f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00676.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java index 017e8358f5..6b5bceb51d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00679.java 
@@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java index 3d6c32aab5..8f83eb6e8d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00680.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java index 49e5fa693e..319c980688 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00681.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java index a67b602fb5..c44945425c 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00682.java @@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java index 92eeeb0cf2..7f834dc8c9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00694.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java index 02b814e3d5..6acfed0393 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00695.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -76,12 +75,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
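Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls in the second hunk of BenchmarkTest00694 throw a NullPointerException when an attribute value is null, where the old string concatenation simply printed "null". `javax.naming.directory.Attribute.get()` is documented as possibly returning null, so `.encodeForHTML(String.valueOf(attr.get()))` (and the same for `attr2`) keeps the encoding without adding a failure path. The identical pattern is added in the matching hunks of BenchmarkTest00695, 00701, 00860 and 00861. The guard around this `println` starts outside the hunk, so whether `attr2` itself can be null here is not visible.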
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java index 872835ece4..602714e608 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00701.java @@ -95,12 +95,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java index bd35513af1..577024f844 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00760.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java index c9be8a0291..5721fabf0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00761.java @@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java index 74259017a8..9cea0ea1b3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00762.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java index c415740406..25df60cb44 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00763.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java index b0acb740be..8fd2e73f13 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00768.java @@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java index 8a01f04368..61856844dc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00770.java 
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java index fd8d7c3f42..6379479e3c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00771.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java index e119ad0711..e0a56267b0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00772.java @@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java index 0968a1c073..bf0f04cae4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00773.java 
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java index 6b9f44e6b9..e33efc1b17 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00774.java @@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java index bebe5de008..5ef381482f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00837.java @@ -91,7 +91,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java index fdb384be59..c00ae7e734 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00838.java 
@@ -105,7 +105,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java index 513c5cc655..edeb349417 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00839.java @@ -87,7 +87,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java index cc11768ee6..93cf792940 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00842.java @@ -80,6 +80,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -87,7 +88,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java index ea003ae318..fe6274bb23 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00844.java @@ -87,10 +87,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java index 69a8ea505f..8618e97693 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00845.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -90,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java index cbbcd334f9..2c0b141377 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00847.java @@ -90,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java index 2f7827d649..fffc4a9912 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00848.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java index f30a871195..e13afbd590 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00849.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java index 2620b83b73..1812add89e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java 
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00850.java @@ -89,7 +89,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java index ba5bfe682c..e7bd30756c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00851.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java index 626151d82f..0532d16779 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00860.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -81,12 +80,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java index 880591d514..3ad390a16c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00861.java @@ -73,7 +73,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -89,12 +88,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
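Review bot: Nothing in BenchmarkTest00860 says why the attribute values are now HTML-encoded while the filter in the first hunk is still built by concatenating `bar`, so a reader could mistake the encoding for a fix to the query itself. A one-line comment above the `println`, such as `// HTML-encode directory values for the response; this does not sanitize the LDAP filter built from bar`, would make the split explicit. This looks intended for a benchmark case that should be scored only on the LDAP query, but that is inferred from the file names rather than shown in the hunk. The enclosing `doPost` starts and ends outside both hunks.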
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java index d0664cb51e..6ce3fe6850 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00924.java @@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java index 988638bb98..cf69de7834 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00925.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java index 30e8fd41cb..3c6f5521fc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00926.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java index 27b2f2c443..e1fc774dbc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00927.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java index 248fc78c23..5cd232408c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00928.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java index 5781c5c28f..ea0a08f435 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00929.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java index 40757c3adf..2e939815ca 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00933.java @@ -49,19 +49,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = thing.doSomething(param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -71,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java index 9b877a80f7..2820d57c44 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00935.java @@ -72,10 +72,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java index 0c42e52899..51d04b5acb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00937.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java index eb94dd760f..3e920d1bba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00938.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java index 5e50ed325a..b4a59c6f9b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00939.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java index 8c6ee2a8ab..5ec756c3e5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00940.java @@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java index edabdd9766..4b87f37fa0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00942.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00942", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java index 7ea33e0c3f..dd52ce869d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00943.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00943", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java index a96c19cb02..3293ee524d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00944.java 
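Review bot: The added `userCookie.setHttpOnly(true);` in BenchmarkTest00942 hides the cookie from `document.cookie`, so it is worth confirming that no page script belonging to these test cases reads or rewrites the cookie before the form is submitted; nothing in the hunk shows how the value gets back to the server. Unlike the `setMaxAge` line above it, the new line carries no comment; `userCookie.setHttpOnly(true); // Not readable from page scripts` would match the neighbouring style. The same line is added in BenchmarkTest00943 through 00947. `doGet` starts and ends outside the hunk.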
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00944", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java
index 69b502d954..7dad5a5c94 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00945.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00945", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java
index 8a48761126..900df70176 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00946.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00946", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java index abe6252c57..102e26d991 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00947.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00947", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java index be08aa50e1..356249c699 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00948.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00948", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -72,7 +73,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -88,12 +88,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java index 0e393f0819..401699151f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00949.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00949", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java index 21b522e836..fd50b82f43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00950.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00950", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java index 07bb305764..d89cc55769 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00951.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00951", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java
index 194f107ef2..694a1f67c0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00952.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00952", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java
index 24f827ae47..4c11f04537 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00953.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00953", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java
index 68d7409940..eb3b36d2d9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00954.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00954", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java
index c84ef7cb2a..3633298bc2 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00955.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00955", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java
index 875d0ccbb3..f4e788b397 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00956.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00956", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
index 55f1406de6..1f1c4f72cb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00957.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00957", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
index d520eaa57c..74f0c0849d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00958.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00958", "FileName");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java index e2fe46e453..149cabe35a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00959.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00959", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -91,12 +92,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java index cf958884b5..d47c6c9a2f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00960.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00960", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java index 29ba414037..ecc6d76aa8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00961.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00961", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java index ca328b4764..c188e5056c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00962.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00962", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
index 92d5597e26..b27fad7b06 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00963.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00963", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
index 921bceab52..db66eca7c9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00964.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00964", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
index cb36981d2f..d266791a08 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00965.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00965", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
index f384468ec0..a1eb5b2e4c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00966.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00966", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
index 7293356639..31babc6519 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00967.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00967", "someSecret");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
index 8f08cb3fcd..a62c969f02 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00968.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00968", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
index 7f22d1c2d3..0a62b0f3c4 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00969.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00969", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
index 85aa5e1837..c9594801d3 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00970.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00970", "ECHOOO");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
index e150eb0ab2..c516fa23d6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00971.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00971", "does_not_matter");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
index cd955a1bee..841e66e3ed 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00972.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00972", "does_not_matter");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
index 792c74c173..6c78b04b86 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00973.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00973", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
index 6ae56d14bb..7c231a9d66 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00974.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00974", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
index 25275cf1ba..98ad757df6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00975.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00975", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
index e71cdac3e6..53738b2c7c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00976.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00976", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
index 6cfc9bd8cd..615e2c1528 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00977.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00977", "whatever");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
index e0c51eb64c..facab6dffc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00978.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00978", "localhost");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
index ebf6fdd539..8cd4c23bbf 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00979.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00979", ".");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
index 89212fae69..85e920e512 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00980.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00980", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
index c5d2ae0c16..da1d5b0414 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00981.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00981", ".");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
index a7fdbec671..76ed3f4e51 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00982.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00982", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
index 039fd35eab..5261de7114 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00983.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response)
 new javax.servlet.http.Cookie("BenchmarkTest00983", "FOO%3Decho+Injection");
 userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes
 userCookie.setSecure(true);
+ userCookie.setHttpOnly(true);
 userCookie.setPath(request.getRequestURI());
 userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());
 response.addCookie(userCookie);
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
index 80770adc19..65dc6b2be7 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00984.java
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00984", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java index f1afe3457a..20669d47a6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00985.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00985", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java index 35e7aec7ef..e1d412e539 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00986.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00986", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java index 5a112527cd..a5e4d96fff 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00987.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00987", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java index a1af647dd0..42796d82b8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00988.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00988", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java index a1f592860e..efdd1b6fbb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00989.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00989", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java index ada688ffb3..07b22f614c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00990.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00990", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java index 1594460d8e..b45f31f759 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00991.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00991", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java index 15fa167ba5..67081747fe 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00992.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00992", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java index b4fd61317b..3639a04f3f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00993.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00993", "my_user_id"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java index 59ae632276..31938e4a00 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00994.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00994", "my_user_id"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java index c25441aff9..e36686f391 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00995.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest00995", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java index 2b9e41e14e..4f5f2a5e13 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00996.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00996", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java index 6c7b31f6e1..b6fd32cc53 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00997.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00997", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java index 73c26ad083..f218e47e14 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00998.java 
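Review bot: With `return;` removed, the catch block in doPost is left as a braced `if` followed by an unbraced `else throw`, which is easy to misread and easy to break when a line is added later. I would brace both arms: `} else { throw new ServletException(e); }`. The same shape is left behind in the doPost hunks of BenchmarkTest00997 through BenchmarkTest01004, 01011, 01012, 01083, 01084 and 01090 through 01092. doPost begins outside the hunk.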
@@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00998", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java index 94a7b8b61e..c69c13a553 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00999.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest00999", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java index d964166002..f75c026c2d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01000.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest01000", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java index b3024e606a..6848523539 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01001.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01001", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -76,7 +77,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java index eee25d4fec..9ece781e61 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01002.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01002", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java index 79e20c2eb5..ef9efd2a35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01003.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01003", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java index 771de318a9..3ce2110c12 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01004.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01004", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java index 0889432362..3094c7e92f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01005.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01005", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java index cd63247e71..f67b16c8b7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01006.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01006", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java index 7174b1aa41..7016af7056 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01007.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01007", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -71,10 +72,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java index c5ab84f61e..f3cd36e7e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01008.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01008", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java index c70a6b7bfc..e34fd6dd48 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01009.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01009", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java index 9e29c5f81e..4147e74f5d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01010.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01010", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java index 9d4e34dab2..336e3f8b46 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01011.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01011", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -75,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java index cf46c411d8..33295bc646 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01012.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01012", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java index d768a1066a..e6302607a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01013.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01013", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java index 1ea8bdfd14..f629d16da2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01014.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01014", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java index 3947635705..0e705a24db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01023.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); 
@@ -75,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java index 1847b41a26..cb021559e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01024.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -75,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
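Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls throw a NullPointerException when an attribute value is null, whereas the old string concatenation printed "null". `javax.naming.directory.Attribute.get()` is documented as possibly returning null. Passing `String.valueOf(attr.get())` and `String.valueOf(attr2.get())` to `encodeForHTML` keeps the output encoding and the previous null behaviour. The identical hunk in BenchmarkTest01024 has the same issue, and the enclosing loop and doPost start outside the hunk.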
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java index 8c35a3c0f4..ade27aa607 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01083.java @@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java index 39bc262d46..3f0cfc00d4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01084.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java index 2dd40979a6..d373df9f3d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01087.java 
@@ -51,6 +51,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -58,7 +59,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java index e9a7614edd..80b86ba50c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01089.java @@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java index d32c576efb..884395d987 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01090.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
index 742b793533..5b4425c587 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01091.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
index ed043e74d7..abc9f5ef22 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01092.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
index f73991dd7b..a2d3947486 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01093.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
index dd9b0be9f2..d7c68e192a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01094.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
index 82b0497b36..fc7c0f5035 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01095.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
index 04df2c0a13..8d608f8e7e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01096.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
index a7b174be36..dcde862442 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01097.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
index 7a6c3c44c7..bd29526a66 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01098.java
@@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
index 1ef4bfffe7..27542130bd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01154.java
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -77,12 +76,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java index ec6c59f264..eaa4d14dd1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01208.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java index ec84cdcafe..363944fec2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01209.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java index 37470a27d4..b82cf65e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01210.java 
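Review bot: The two `encodeForHTML` calls added to the `println` carry no comment saying why directory values are encoded here while `bar` is still concatenated into `filter` a few lines earlier in this file. In this benchmark that concatenation is presumably the deliberate test condition, so a short comment above the `println` would keep a later cleanup from altering the filter or dropping the encoding: `// Directory values are HTML-encoded so the only finding in this test case is the LDAP filter built from bar.` The enclosing block and `doPost` begin outside the hunk.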
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java
index a20772cf94..83b173687a 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01211.java
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java
index 00f97fa3b0..d408ea2879 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01212.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java
index 408861e5e6..f155afd095 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01213.java
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
index f9bbfe9d9d..f22b290351 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01216.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
index 0e73e684f8..1ecee50ffc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01217.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
index 81c5ad2ba3..e2f499fb01 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01218.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
index 18ba13eb33..ad790c701c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01219.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
index adad23ef0c..b0bb059fc6 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01220.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
index ab465982f4..1cc944e5bb 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01221.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java index 6455a87a00..efa22040c5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01222.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java index 2ff939b334..c0b4c4fa5e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01241.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java index 9ff6d4ec9e..20fd643f79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01242.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java index 0ba48af860..03c4eeeaf9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01243.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java index 42743c2a2d..ddc859ce62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01301.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java index abeba745c0..d91b9e762f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01302.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java index a9097e0ce1..e3d9c2f624 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01303.java 
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
index 81df696a91..c25e7067ed 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01304.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
index 1033c2afa2..f467e2893e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01305.java
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
index 5ccf127dea..961fa572bd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01306.java
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java index 9c6785d3ba..2c1f9c18ee 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01307.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java index 95128e162b..668d72fa31 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01309.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java index c7ea9ab13c..0d2bcdb827 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01310.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
index c0a9091848..7dcb9b0333 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01311.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
index b073504092..75e68fd8c3 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01312.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
index a7960f6ce4..952fab1535 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01313.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
index e3643925d0..9dfbd2c10d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01314.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
index 9aa8acbc72..79752892de 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01315.java
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java
index 5190bcb65c..17b6a1d1fc 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01326.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java index 8190031458..e22de227d2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01327.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java index b79665d84d..b74b0f506b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01378.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java index 9917c0bfa6..3fa7d1e555 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01379.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java index 718b461575..1fff55a7e1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01380.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java index 0bc4c1c2c6..a5dda6bba0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01381.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java index b4b3bd2f51..1a1ec10b7e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01382.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java index 64990008b9..19648d1e39 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01383.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java index 996230e2ef..5ba14aa458 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01384.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java index 10abda1e7c..7f84e32b72 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01385.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java index 8cb2c9e018..1836e8fac6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01386.java 
@@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java index 0628886c10..beca6a3b31 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01387.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java index eb5a84876a..5c60b8d526 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01388.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java index e26f60f017..e47aa1e448 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01389.java @@ -50,19 +50,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -72,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java index 27ce119633..687663ce43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01391.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java index 3e0e7bb8a1..ece5531b60 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01392.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java index 7d5f21622a..2e05391685 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01393.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java index 8eccd086d3..80d7d6c08e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01394.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java index 427dc1fe11..67764b25c7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01395.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java index 3bc03b236a..127e9f9a22 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01396.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java index df7a933270..1db7c8765c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01402.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -84,12 +83,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java index c18df74854..bf444f4331 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01459.java @@ -71,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java index 9bff7da762..eb0935cd0e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01460.java @@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java index 98472724a1..f9d0bdd3b4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01461.java 
@@ -74,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java index ba8981e817..066c1db453 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01462.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java index 43c8d6aafa..df96b5b48e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01463.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java index 44db231f40..211a1db751 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01464.java 
@@ -76,7 +76,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java index d1c7dfa97b..2ba4001eb6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01467.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java index 6dbb3e4359..b383d0be4f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01468.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java index d81ecd1707..13d3df83eb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01469.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java index cbd399a964..d14a17dc01 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01470.java @@ -66,10 +66,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java index b5c87b7b3d..e552a6fb6b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01472.java @@ -70,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java index c780754908..0806191ce8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01473.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java index 6a991c82bd..8bd3f6402b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01474.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java index a6544d1b0d..6c633daafa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01475.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java index 6bb213696e..6fcab8199b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01476.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java index cde5f9c9df..ca247d6dcf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01477.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java index c29131fe73..828dbdae3d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01490.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -72,12 +71,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java index e1ec9a6a33..0a82c6b15f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01491.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java index 1b92dadc98..debee7212a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01492.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java index 9a894e761b..5e4b4aa61c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01501.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java index 30ccfb20b5..c426daefd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01552.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java index 98f41ac9b1..29f0e46d67 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01554.java @@ -48,19 +48,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -70,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java index 3143d858e0..8d3e1e9b0f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01557.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java index eb4cf5867d..4b09d7e9d7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01558.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java index d0ca545532..16295a7012 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01559.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java index 48217e41fd..c92707a8ea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01560.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java index c9d7b9b9a0..c0b49697be 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01568.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); 
@@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java index 40c20e8ad2..b3fac335bb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01569.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
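Review bot: The second BenchmarkTest01568 hunk HTML-encodes the directory values without a comment saying why, while `String filter = "(&(objectclass=person)(uid=" + bar + "))";` in the hunk above still concatenates `bar` unescaped. A reader could take the new encoding as the fix for this test case and miss that the filter is the sink under test, which is presumably intentional in a benchmark test file. A one-line comment above the `println` would settle it, for example `// HTML-encode directory values so the response is not a second sink; the LDAP filter above is left unescaped on purpose`. doPost starts and ends outside both hunks, so the intent should be confirmed against the test case's expected-results entry.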
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java index 3c8f3ffba3..37cf16cd4e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01620.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java index e157229422..d66f29c180 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01621.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java index 14f6c6b338..faddf2bd18 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01622.java 
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java index 9a8cc61f26..7e36ab8939 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01623.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java index 1b9f0c3271..632da21b54 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01626.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java index e94f0fe638..b0826718a4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01627.java 
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java index 3cc4796614..7aa7b80bcd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01628.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java index 960f342be6..aaca905293 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01629.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java index 25735ca49f..b7e75e0c98 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01630.java 
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java index 523623de6f..e9d0f60477 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01631.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java index 07b5a4ed5e..1181e75a3b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01712.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java index d0929cc2a8..9459b517be 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01713.java 
@@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java index 916429eabf..29d3ca4e20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01714.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java index 853147f3a6..243c045da9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01715.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java index 41666d1b28..2c76eaaf7b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01716.java 
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java index 434aadd347..2eef460863 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01717.java @@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java index d3e9e5ee3f..5a0740745e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01718.java @@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java index 50596e9f63..752f16631b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01719.java 
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java index 0de6e9b5ba..d3c0155452 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01723.java @@ -70,6 +70,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -77,7 +78,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java index 15c8468436..0faf9535b2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01724.java 
@@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java index 1d1cac9ccb..0cfeaad3a7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01725.java @@ -77,10 +77,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java index e73791235c..69f1528c94 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01726.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java index f22735fa66..f492c701bf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01728.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java index d7828b29e6..db6bacbcbb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01729.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java index f2b8d06757..414b0d45e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01730.java 
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java index dd30be2aeb..65064326ce 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01731.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java index 8681e815ad..bf21f6669b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01732.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java index 4f5644ab3c..47344b9632 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01733.java 
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java index 908ecc844a..80b59d1178 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01743.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -71,12 +70,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java index 0cc45bff7f..4392d491af 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01753.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java index a9b0946255..c8b9af0f20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01754.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java index 7dbbae0442..40cf5eab7c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01755.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java index f8ea325697..6f57abdd04 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01756.java @@ -73,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java index b610d3dcf0..ec237b53c6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01803.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java index fb6da6d9c5..94b7ec8235 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01804.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java index bb7d83eae7..3105d77352 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01805.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java index 278e6b2679..7ec636a4fd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01808.java @@ -47,6 +47,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -54,7 +55,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java index 0d21da2b1d..991b656a0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01809.java 
@@ -47,19 +47,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = new Test().doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -69,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java index 1a083344fc..679efae8a1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01810.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java index 6a01a19c06..49b6e2de95 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01811.java 
@@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java index 2e880806d0..f13b6e50bc 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01812.java @@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java index aed1088376..66df6ed07d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01813.java 
@@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java index 1908204d72..5937f43769 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01814.java @@ -52,7 +52,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -62,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java index 527192ca85..4c42e29737 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01815.java 
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java index 37f6cd4c41..10e30f2ffa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01816.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java index 54e1bb776a..bb3d929e64 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01817.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java index b3ef628ad6..4ade959702 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01818.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java index 4b9ee78d8f..b87ebf2fca 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01819.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java index 905b70a0ca..ad41f74373 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01820.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java index 652063479f..d76fdf33e6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01822.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01822", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java index 14b2731965..5e14cb2627 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01823.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01823", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java index faa6c3b76b..7f8ce5a2e2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01824.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01824", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
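Review bot: The cookie hardened here with `userCookie.setHttpOnly(true);` still gets an explicit `Domain` two lines later, from `userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost());`. A cookie with a `Domain` attribute is not host-only and is also sent to subdomains of that host, and the value comes from the request URL rather than from configuration. If the test harness does not depend on the attribute (not visible from this hunk), removing the `setDomain` call would leave the narrower host-only scope next to the `Secure` and `HttpOnly` flags. The identical `doGet` hunks for BenchmarkTest01823 through 01854 have the same lines; `doGet` starts and ends outside each hunk.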
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java index 3c9e344478..a36bace17c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01825.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01825", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java index ed98148017..984ae4aed0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01826.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01826", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java index 1a0206901d..194889b730 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01827.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01827", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java index c3f800b1ff..2eaee677a8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01828.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01828", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java index dc5d3143b1..b558db1f52 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01829.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01829", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java index a1f3a82f10..519ae9a400 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01830.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01830", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java index e1522266d3..ea9a712bc6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01831.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01831", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); 
@@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java index 9fc57602d0..24ab816dec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01832.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01832", "Ms+Bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -73,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -89,12 +89,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
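Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls dereference the attribute value, whereas the old concatenation `+ attr.get()` tolerated a null and printed "null". If a directory entry can carry a null value for either attribute, the servlet now throws a NullPointerException while writing the response. `String.valueOf(attr.get())` keeps the old null behaviour and still passes a string to the encoder, e.g. `.encodeForHTML(String.valueOf(attr.get()))`. The matching hunk for BenchmarkTest01832 has the same two calls. The loop and the declarations of `attr` and `attr2` are outside the hunk, so whether a null value can reach this point cannot be confirmed from here.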
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java index 5c586b78c6..6610758aec 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01833.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01833", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java index 8a6f1e4ef9..599cf9931b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01834.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01834", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java index ee2b8a4c46..b822f3e96c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01835.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01835", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java index 6bd242fef4..50a5ae2189 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01836.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01836", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java index f9f77e51e9..9cb43ac58a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01837.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01837", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java index 02f4cb14c9..e8a0968c35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01838.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01838", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java index 5cd170d670..eb23408903 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01839.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01839", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java index 04533a0c2b..9b7d7b2df2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01840.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01840", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java index a7f71ab136..f07e441692 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01841.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01841", "FileName"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java index d1502aaa41..05297ba42b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01842.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01842", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java index 63f28da386..4dc4ce6983 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01843.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01843", "anything"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java index 8b819ee867..4d5aff7872 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01844.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01844", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java index 2578510a3c..f6f49e22b8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01845.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01845", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java index eca48bdbb9..83d7494c35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01846.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01846", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java index 37d64465a2..79ad51979c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01847.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01847", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java index ad777035c9..758ca6684f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01848.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01848", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java index 0eb8373036..41e30d1969 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01849.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01849", "someSecret"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java index b38e94d618..917d067ad1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01850.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01850", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java index 85be124f98..d8d0e6e205 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01851.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01851", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java index 6cc163c503..78872a8b39 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01852.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01852", "ECHOOO"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java index 643a9aeddf..f668077468 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01853.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01853", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java index a1d7a89fe8..c913decfd6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01854.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01854", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java index d49fd5d4a1..6084050ea8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01855.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01855", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java index aaf7bbac2a..f5fa9ccdd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01856.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01856", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java index 8598803d2b..c1ac6f1d00 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01857.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01857", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java index 607a500c9e..9965f2f471 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01858.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01858", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java index 8567931dd0..0a770ae181 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01859.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01859", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java index 85f530e06f..bd5978e6c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01860.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01860", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java index eed2e87d02..7fc5697982 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01861.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01861", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java index acfe2945bf..d11e15bccd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01862.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01862", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java index 2378cbabea..050954f40b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01863.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01863", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java index 28a4a7b34c..2e2048ea36 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01864.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01864", "ls"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java index 0da0955c2a..104dfbc674 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01865.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01865", "ls"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java index ee1eb6e0b1..e85db4c343 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01866.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01866", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java index e678175587..94402a4e85 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01867.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01867", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java index 8535147c86..258fb9f477 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01868.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01868", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java index a0b75ba575..2155e13a03 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01869.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01869", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java index 323eab5734..7ae7a68767 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01870.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01870", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java index acb918ff01..544d2e1d69 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01871.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01871", "whatever"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java index de4d068f4f..9379c3942f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01872.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01872", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java index d1fe1addca..afde89887c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01873.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01873", "my_user_id"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java index 1a0f62d428..6d10d208a3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01874.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01874", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java index 20914fbee1..f990d7f2bd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01875.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01875", "color"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java index a210e4b623..ca18cacdd3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01876.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01876", "my_userid"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java index 8d95fb5adc..5550985680 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01877.java @@ -38,6 +38,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) "BenchmarkTest01877", "verifyUserPassword%28%27foo%27%2C%27bar%27%29"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java index 7b63716dc1..3f3ab83934 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01878.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01878", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -77,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java index c2d2741ef9..f391603fc1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01879.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01879", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -80,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java index e646cf220a..66dd5e4497 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01880.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01880", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -81,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java index 6f7c44a996..9823dd9648 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01881.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01881", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java index 2066b1af92..a81e9bd980 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01882.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01882", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java index 855c25e9d4..54971841a5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01883.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01883", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -70,7 +71,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java index 70f8019f52..85b55563b7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01884.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01884", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java index b36571c9e4..dfea356d24 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01885.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01885", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java index e6b384a110..9f3d814aae 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01886.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01886", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java index 673748a680..8cbbfe2cdd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01887.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01887", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java index e671b2c4d5..d3383b9fc9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01888.java 
@@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01888", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java index cbea08b093..530250a18d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01889.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01889", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java index cf86030798..7cc57c7045 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01890.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01890", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); @@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java index c2f0c21228..b758b2516e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01891.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01891", "bar"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
@@ -74,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java index 63890fb1f2..e8d8450b9c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01892.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01892", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java index 096f5cf18d..664050f62c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01893.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01893", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java index 313a19b02e..8c072bf382 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01894.java @@ -37,6 +37,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) new javax.servlet.http.Cookie("BenchmarkTest01894", "2222"); userCookie.setMaxAge(60 * 3); // Store cookie for 3 minutes userCookie.setSecure(true); + userCookie.setHttpOnly(true); userCookie.setPath(request.getRequestURI()); userCookie.setDomain(new java.net.URL(request.getRequestURL().toString()).getHost()); response.addCookie(userCookie); diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java index 3544dfadb6..2776f64e08 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01902.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java index 6a66aa2cba..ad65c9a522 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01903.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -74,12 +73,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
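Review bot: The new `attr.get().toString()` and `attr2.get().toString()` calls in the second hunk of BenchmarkTest01902 throw a NullPointerException when an attribute value is null, whereas the removed string concatenation printed "null". `Attribute.get()` is allowed to return null, and the hunk shows no guard on its result, so the encoded form would be safer as `encodeForHTML(String.valueOf(attr.get()))` and `encodeForHTML(String.valueOf(attr2.get()))`. As a point of style, the five-line `org.owasp.esapi.ESAPI.encoder()` chain appears twice and could be read once into a local before the `println`. The same pattern is added in BenchmarkTest01903, 01909, 02025, 02036, 02037, 02104, 02114, 02115 and 02116. doPost starts and ends outside the hunk.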
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java index f1f0a22c78..e611b1b513 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01909.java @@ -77,12 +77,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java index a2b2ca3ddc..e6e253c0a8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01961.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java index 51a0bbf7de..f1973d8750 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01962.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java index c1c66396b8..34f426847d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01966.java 
@@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java index 7b820cf2b1..183561ce92 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01967.java @@ -58,10 +58,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java index b10477d345..dc8e1914f9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01969.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java index ab775cb532..c89cc64e7a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01970.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java index f964f0481b..de1ffea079 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01971.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java index e44fec95a1..7eb6c84d20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01972.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java index 4f773d5724..e3fab19469 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01973.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java index 1110a48f83..d29229dfea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02025.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -76,12 +75,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java index 5e33aaf502..138d5f3f3a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02036.java @@ -79,12 +79,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java index 3c00fbeb7e..363f6fd0c2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02037.java @@ -79,12 +79,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java index 41825b6aa8..12e605f6e3 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02087.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java index d7221da5d4..54cdfcbdf7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02088.java @@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java index a5867c1b73..483b9cb8ba 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02089.java 
@@ -68,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java index 669ee4c7ee..787dcb95db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02092.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java index 62bad61b55..64e82e0d9d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02093.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java index 1bd07a5103..0daa0e0868 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02094.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java index 9e58f57031..f2feb85159 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02095.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java index 0b69ffd348..c07c5600ee 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02096.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java index a34bc2846d..e94404d6e7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02097.java 
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java index 3df3672ee3..a791bc2a9c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02098.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java index c68f1bc582..84af1bc9d0 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02099.java @@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java index 63ddf9e267..b09185de59 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02104.java 
@@ -54,7 +54,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -70,12 +69,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java index 42e5b58397..70c15b4de9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02114.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java index dbc0bc3d18..7dbbc14329 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02115.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java index a1dc8d7ca1..de0470f123 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02116.java @@ -72,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java index 0e7ff768c7..e18177ba28 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02169.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java index 04587551cd..4452d42965 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02170.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java index 5456ea5f8d..096885dfd4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02171.java 
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java index aeeee038af..0dd376de20 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02172.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java index e26a2f320a..f1501635db 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02173.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java index 9fb366b9fb..7c6b42c11c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02178.java 
@@ -46,19 +46,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -68,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java index 15b365ce9e..44b38d4489 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02181.java @@ -52,10 +52,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java index f2e08c96a0..63b7d64f79 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02182.java 
@@ -52,10 +52,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java index 4d2a03d951..f7cfcf326e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02183.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java index 440e540174..7fd177e23a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02184.java @@ -51,7 +51,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -61,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java index 4deedfcbeb..8e84bd8f3e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02185.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java index 2585b309c0..df4713f108 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02186.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java index 6333aeed5f..020dca3bc5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02187.java 
@@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java index ff72471884..1eba6b944d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02188.java @@ -55,7 +55,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java index de20630555..19cded3053 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02196.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -73,12 +72,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java index 525ff4177c..40a88d4e35 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02208.java @@ -76,12 +76,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
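Review bot: In the rewritten `println` of the second BenchmarkTest02196.java hunk, `attr.get().toString()` and `attr2.get().toString()` throw a NullPointerException when the directory hands back a null value, where the old string concatenation simply printed `null`. No null check on `attr2` is visible in the hunk, so this presumably also covers an entry whose `street` value is absent; the enclosing `doPost` starts and ends outside the hunk, so that needs confirming against the full method. Passing `String.valueOf(attr.get())` keeps the HTML encoding and the previous null behaviour: `+ org.owasp.esapi.ESAPI.encoder().encodeForHTML(String.valueOf(attr.get()))`, and the same for `attr2`. The identical change in the BenchmarkTest02208, BenchmarkTest02299, BenchmarkTest02305 and BenchmarkTest02306 hunks has the same gap.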
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java index ae2d93b9a2..19bf7f9a62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02264.java @@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java index 01b61fe001..897ae7658a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02265.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java index e43009b443..ecbd4a0505 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02266.java 
@@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
index 5f87994cb9..e28db5b51e 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02267.java
@@ -61,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
index 515184a326..999fd2a248 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02268.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
index b90b184768..5e3d618e0b 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02269.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
index d11e5ede3e..74d5d4785f 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02270.java
@@ -66,7 +66,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
index 1b90bd2cc9..e5fba316e8 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02271.java
@@ -62,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
index d9c2334a7c..0fc0dbb5f1 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02275.java
@@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java index a36ec164fa..22f057916e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02276.java @@ -50,6 +50,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT userid from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { // int results = // org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForInt(sql); @@ -57,7 +58,7 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForObject( sql, Integer.class); response.getWriter().println("Your results are: " + results); - // System.out.println("Your results are: " + results); + } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java index b67c129989..4cafaf52b5 100644 
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02277.java @@ -50,19 +50,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -72,7 +70,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java index 7c5807700b..39454692a2 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02281.java @@ -56,10 +56,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java index 706b073704..489bfed41e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02283.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
index 780d760191..f0e3156355 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02284.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
index 5526d425eb..97257ddf33 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02285.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
index beb83e124a..16e2bb77a0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02286.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
index a32f27fbae..88885f4139 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02287.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
index 2a71006a55..5a6e8022ad 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02288.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
index 2522d0ae52..bff7443c91 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02299.java
@@ -67,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) javax.naming.directory.SearchControls sc = new javax.naming.directory.SearchControls(); sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person)(uid=" + bar + "))"; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, sc); @@ -83,12 +82,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java index 7601ee638c..85c1aa4a43 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02305.java @@ -86,12 +86,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java index 1d825bed3d..93e649818a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02306.java @@ -86,12 +86,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java index 2e8bb2bfd1..3014bff9ea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02353.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java index 37184ef31a..568c020f45 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02354.java @@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java index 18b0317f61..6bd030631d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02355.java 
@@ -72,7 +72,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java index fbd6824e6a..dc0a691332 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02358.java @@ -60,19 +60,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -82,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java index 9b859c7642..c540dddf96 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02361.java @@ -67,10 +67,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java index e577df2c58..793778df04 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02362.java @@ -65,7 +65,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -75,7 +74,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java index 7d20f7c835..e8b1a1efd8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02364.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java index 904701a2e6..6aeff40f01 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02365.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java index 5e1715ab4d..d395f54151 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02366.java 
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java index 3cf526b435..e644e63f58 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02367.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java index 2a33327b13..83c0913242 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02368.java @@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java index 982b944920..9a1379818a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02369.java 
@@ -69,7 +69,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java index c8ae44ef01..1605328aaa 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02376.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -72,12 +71,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java index d6740554c5..38d5b15e8b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02384.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
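Review bot: The added `attr.get().toString()` and `attr2.get().toString()` calls throw a NullPointerException when `Attribute.get()` returns null, which the JNDI contract allows for a null attribute value; the old string concatenation printed "null" in that case. No null check on `attr` or `attr2` is visible in the hunk, and the enclosing loop starts and ends outside it, so whether one exists upstream should be confirmed. Wrapping the value as `encodeForHTML(String.valueOf(attr.get()))` and `encodeForHTML(String.valueOf(attr2.get()))` keeps the new output encoding while preserving the previous null behaviour. The same applies to the identical hunks in BenchmarkTest02384, 02472, 02553, 02571 and 02572.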
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java index c2e222c302..33aecfca88 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02449.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java index dfe1e414ba..cbd356eb62 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02450.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java index 5aab2d2441..31b7efa994 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02452.java 
@@ -48,19 +48,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -70,7 +68,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java index cb34a8382e..e6af487f0d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02453.java @@ -54,10 +54,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java index 69d1bbba6c..cb3a217c8a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02454.java @@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java index bcdb016a48..c46071027b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02455.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java index bfdbb132da..a65d4fa63f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02456.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java index c36b457587..11d8f218ae 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02472.java @@ -74,12 +74,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java index b9e228ab91..1c6675f861 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02528.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java index 1402bf95fb..19d5812581 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02529.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java index 4bce2e6cb7..c77520d91b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02530.java 
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java index 4b46ee9f66..870a15e34a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02531.java @@ -60,7 +60,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java index 150e8585e3..7aefb3dd08 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02532.java @@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java index cf898883c9..343fe8cbc8 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02533.java 
@@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java index e2fceaffed..f6eb4bee3f 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02534.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java index f39245478b..35a34d9cd6 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02535.java @@ -64,7 +64,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java index b2cabaaf6c..506ea4c5dd 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02538.java 
@@ -55,10 +55,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sql, new Object[] {}, String.class); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java index e482541d10..5e1d3bf602 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02539.java @@ -53,7 +53,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -63,7 +62,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java index 03d91c93d1..07f7a0eaf5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02541.java 
@@ -58,7 +58,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java index 2302f093cc..1c2a43625d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02542.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java index 2adafc876e..3a68d0c555 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02543.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java index e4e89da079..f207ef1cfb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02544.java 
@@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java index f471f880b1..68ae0a86fb 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02545.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java index 3e398043ce..5025942a00 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02546.java @@ -57,7 +57,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java index b94b3ab19e..5c021400a9 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02553.java 
@@ -78,7 +78,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) sc.setSearchScope(javax.naming.directory.SearchControls.SUBTREE_SCOPE); String filter = "(&(objectclass=person))(|(uid=" + bar + ")(street={0}))"; Object[] filters = new Object[] {"The streetz 4 Ms bar"}; - // System.out.println("Filter " + filter); boolean found = false; javax.naming.NamingEnumeration results = ctx.search(base, filter, filters, sc); @@ -94,12 +93,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java index c8e58a1661..e1affb0d15 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02571.java @@ -96,12 +96,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java index 5dd09df1ec..5bd83dc49b 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02572.java @@ -96,12 +96,18 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .println( "LDAP query results:
" + "Record found with name " - + attr.get() - + "
" - + "Address: " - + attr2.get() + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr.get().toString()) + + "
Address: " + + org.owasp + .esapi + .ESAPI + .encoder() + .encodeForHTML(attr2.get().toString()) + "
"); - // System.out.println("record found " + attr.get()); found = true; } } diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java index 6759a98c58..d7e823b468 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02625.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java index dd8ebc58a8..66c0fbd317 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02626.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java index d44339d98c..70db09e36d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02627.java 
@@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java index 9985904be4..dfbebf5792 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02628.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java index 027f7d1b8b..fc65b016ea 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02629.java @@ -84,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java index 523f2e6754..fbdec978da 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02630.java 
@@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java index 722b51f0a1..28a2dcf758 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02631.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java index 2255aca5d6..03de2be408 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02632.java @@ -81,7 +81,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java index 35d6d6aaea..dfee23479d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02633.java 
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java index 9f0a60169d..7c7bbcbaa1 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02634.java @@ -85,7 +85,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java index 4e40f0ede1..07c9d6d2f7 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02635.java @@ -86,7 +86,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java index c1e2b610a1..88f6b20d0a 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02636.java 
@@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java index f830d309c1..5b9c98975c 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02637.java @@ -82,7 +82,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java index c83ea74914..3334830902 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02642.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java index 4fda89f13e..356fb32bb5 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02643.java @@ -70,19 +70,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -92,7 +90,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java index 75ae0a8bef..8c2ca03f64 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02644.java @@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java index 7d540ce0df..cf2f281dd4 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02645.java 
@@ -75,7 +75,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( @@ -85,7 +84,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java index 0b796cc62f..b00246503d 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02647.java @@ -80,7 +80,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java index d272e74a96..3527750643 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02648.java @@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost 
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
index 6cd490aacb..d61ba917ae 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02649.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
index fcea66e0df..a819849cb9 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02650.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
index 27d089d187..dc63aaf0ff 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02651.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
index 0dd7312ffe..3bbd02c14d 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02652.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
index 9f93aa1e9f..c064e70343 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02653.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
index d977ceedd3..38531164b0 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02654.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
index 86c4987b7c..cd397a0e29 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02655.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
index 301a160e55..f1069a63dd 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02656.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
index 66dc8b2b98..a72260299c 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02657.java
@@ -79,7 +79,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
index aec1ee5ed6..d4fc7f6553 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02727.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
index c321da721e..960d37fc15 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02728.java
@@ -63,7 +63,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
index 181c4a4a30..8d8616f625 100644
--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02729.java
@@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost
diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java index 612f69b00b..2a85b7782e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02730.java @@ -59,7 +59,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java index c46610b144..dab514fb92 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02733.java @@ -47,19 +47,17 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) String bar = doSomething(request, param); String sql = "SELECT * from USERS where USERNAME='foo' and PASSWORD='" + bar + "'"; + try { java.util.List> list = org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForList(sql); response.getWriter().println("Your results are:
"); - // System.out.println("Your results are"); - for (Object o : list) { response.getWriter() .println( org.owasp.esapi.ESAPI.encoder().encodeForHTML(o.toString()) + "
"); - // System.out.println(o.toString()); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() @@ -69,7 +67,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (org.springframework.dao.DataAccessException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java index 88f3add43e..f9cb0d9076 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02736.java @@ -53,10 +53,8 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForMap(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); response.getWriter() .println(org.owasp.esapi.ESAPI.encoder().encodeForHTML(results.toString())); - // System.out.println(results.toString()); } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() .println( diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java index 132861fb46..1c7d521758 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02737.java @@ -52,7 +52,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) org.owasp.benchmark.helpers.DatabaseHelper.JDBCtemplate.queryForRowSet(sql); response.getWriter().println("Your results are: "); - // System.out.println("Your results are"); while (results.next()) { response.getWriter() .println( 
@@ -62,7 +61,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) .encoder() .encodeForHTML(results.getString("USERNAME")) + " "); - // System.out.println(results.getString("USERNAME")); } } catch (org.springframework.dao.EmptyResultDataAccessException e) { response.getWriter() diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java index 7fb69c2e4b..8992454588 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02738.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java index 3c57c2e534..782dffc30e 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02739.java @@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response) } catch (java.sql.SQLException e) { if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) { response.getWriter().println("Error processing request."); - return; } else throw new ServletException(e); } } // end doPost diff --git a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java index b573cfc156..575f45cadf 100644 --- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java +++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02740.java 
@@ -56,7 +56,6 @@ public void doPost(HttpServletRequest request, HttpServletResponse response)
 } catch (java.sql.SQLException e) {
 if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
 response.getWriter().println("Error processing request.");
- return;
 } else throw new ServletException(e);
 }
 } // end doPost